1 Network Working Group A. Gustafsson
2 Request for Comments: 3597 Nominum Inc.
3 Category: Standards Track September 2003
4
5
6 Handling of Unknown DNS Resource Record (RR) Types
7
8 Status of this Memo
9
10 This document specifies an Internet standards track protocol for the
11 Internet community, and requests discussion and suggestions for
12 improvements. Please refer to the current edition of the "Internet
13 Official Protocol Standards" (STD 1) for the standardization state
14 and status of this protocol. Distribution of this memo is unlimited.
15
16 Copyright Notice
17
18 Copyright (C) The Internet Society (2003). All Rights Reserved.
19
20 Abstract
21
22 Extending the Domain Name System (DNS) with new Resource Record (RR)
23 types currently requires changes to name server software. This
24 document specifies the changes necessary to allow future DNS
25 implementations to handle new RR types transparently.
26
27 1. Introduction
28
29 The DNS is designed to be extensible to support new services through
30 the introduction of new resource record (RR) types. In practice,
31 deploying a new RR type currently requires changes to the name server
32 software not only at the authoritative DNS server that is providing
33 the new information and the client making use of it, but also at all
34 slave servers for the zone containing it, and in some cases also at
35 caching name servers and forwarders used by the client.
36
37 Because the deployment of new server software is slow and expensive,
38 the potential of the DNS in supporting new services has never been
39 fully realized. This memo proposes changes to name servers and to
40 procedures for defining new RR types aimed at simplifying the future
41 deployment of new RR types.
42
43 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
44 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
45 document are to be interpreted as described in [RFC 2119].
46
47
48
49
50
51
52 Gustafsson Standards Track [Page 1]
53 RFC 3597 Handling of Unknown DNS RR Types September 2003
54
55
56 2. Definition
57
58 An "RR of unknown type" is an RR whose RDATA format is not known to
59 the DNS implementation at hand, and whose type is not an assigned
60 QTYPE or Meta-TYPE as specified in [RFC 2929] (section 3.1) nor
61 within the range reserved in that section for assignment only to
62 QTYPEs and Meta-TYPEs. Such an RR cannot be converted to a type-
63 specific text format, compressed, or otherwise handled in a type-
64 specific way.
65
66 In the case of a type whose RDATA format is class specific, an RR is
67 considered to be of unknown type when the RDATA format for that
68 combination of type and class is not known.
69
70 3. Transparency
71
72 To enable new RR types to be deployed without server changes, name
73 servers and resolvers MUST handle RRs of unknown type transparently.
74 That is, they must treat the RDATA section of such RRs as
75 unstructured binary data, storing and transmitting it without change
76 [RFC1123].
77
78 To ensure the correct operation of equality comparison (section 6)
79 and of the DNSSEC canonical form (section 7) when an RR type is known
80 to some but not all of the servers involved, servers MUST also
81 exactly preserve the RDATA of RRs of known type, except for changes
82 due to compression or decompression where allowed by section 4 of
83 this memo. In particular, the character case of domain names that
84 are not subject to compression MUST be preserved.
85
86 4. Domain Name Compression
87
88 RRs containing compression pointers in the RDATA part cannot be
89 treated transparently, as the compression pointers are only
90 meaningful within the context of a DNS message. Transparently
91 copying the RDATA into a new DNS message would cause the compression
92 pointers to point at the corresponding location in the new message,
93 which now contains unrelated data. This would cause the compressed
94 name to be corrupted.
95
96 To avoid such corruption, servers MUST NOT compress domain names
97 embedded in the RDATA of types that are class-specific or not well-
98 known. This requirement was stated in [RFC1123] without defining the
99 term "well-known"; it is hereby specified that only the RR types
100 defined in [RFC1035] are to be considered "well-known".
101
102
103
104
105
106
107 Gustafsson Standards Track [Page 2]
108 RFC 3597 Handling of Unknown DNS RR Types September 2003
109
110
111 The specifications of a few existing RR types have explicitly allowed
112 compression contrary to this specification: [RFC2163] specified that
113 compression applies to the PX RR, and [RFC2535] allowed compression
114 in SIG RRs and NXT RRs records. Since this specification disallows
115 compression in these cases, it is an update to [RFC2163] (section 4)
116 and [RFC2535] (sections 4.1.7 and 5.2).
117
118 Receiving servers MUST decompress domain names in RRs of well-known
119 type, and SHOULD also decompress RRs of type RP, AFSDB, RT, SIG, PX,
120 NXT, NAPTR, and SRV (although the current specification of the SRV RR
121 in [RFC2782] prohibits compression, [RFC2052] mandated it, and some
122 servers following that earlier specification are still in use).
123
124 Future specifications for new RR types that contain domain names
125 within their RDATA MUST NOT allow the use of name compression for
126 those names, and SHOULD explicitly state that the embedded domain
127 names MUST NOT be compressed.
128
129 As noted in [RFC1123], the owner name of an RR is always eligible for
130 compression.
131
132 5. Text Representation
133
134 In the "type" field of a master file line, an unknown RR type is
135 represented by the word "TYPE" immediately followed by the decimal RR
136 type number, with no intervening whitespace. In the "class" field,
137 an unknown class is similarly represented as the word "CLASS"
138 immediately followed by the decimal class number.
139
140 This convention allows types and classes to be distinguished from
141 each other and from TTL values, allowing the "[<TTL>] [<class>]
142 <type> <RDATA>" and "[<class>] [<TTL>] <type> <RDATA>" forms of
143 [RFC1035] to both be unambiguously parsed.
144
145 The RDATA section of an RR of unknown type is represented as a
146 sequence of white space separated words as follows:
147
148 The special token \# (a backslash immediately followed by a hash
149 sign), which identifies the RDATA as having the generic encoding
150 defined herein rather than a traditional type-specific encoding.
151
152 An unsigned decimal integer specifying the RDATA length in octets.
153
154 Zero or more words of hexadecimal data encoding the actual RDATA
155 field, each containing an even number of hexadecimal digits.
156
157 If the RDATA is of zero length, the text representation contains only
158 the \# token and the single zero representing the length.
159
160
161
162 Gustafsson Standards Track [Page 3]
163 RFC 3597 Handling of Unknown DNS RR Types September 2003
164
165
166 An implementation MAY also choose to represent some RRs of known type
167 using the above generic representations for the type, class and/or
168 RDATA, which carries the benefit of making the resulting master file
169 portable to servers where these types are unknown. Using the generic
170 representation for the RDATA of an RR of known type can also be
171 useful in the case of an RR type where the text format varies
172 depending on a version, protocol, or similar field (or several)
173 embedded in the RDATA when such a field has a value for which no text
174 format is known, e.g., a LOC RR [RFC1876] with a VERSION other than
175 0.
176
177 Even though an RR of known type represented in the \# format is
178 effectively treated as an unknown type for the purpose of parsing the
179 RDATA text representation, all further processing by the server MUST
180 treat it as a known type and take into account any applicable type-
181 specific rules regarding compression, canonicalization, etc.
182
183 The following are examples of RRs represented in this manner,
184 illustrating various combinations of generic and type-specific
185 encodings for the different fields of the master file format:
186
187 a.example. CLASS32 TYPE731 \# 6 abcd (
188 ef 01 23 45 )
189 b.example. HS TYPE62347 \# 0
190 e.example. IN A \# 4 0A000001
191 e.example. CLASS1 TYPE1 10.0.0.2
192
193 6. Equality Comparison
194
195 Certain DNS protocols, notably Dynamic Update [RFC2136], require RRs
196 to be compared for equality. Two RRs of the same unknown type are
197 considered equal when their RDATA is bitwise equal. To ensure that
198 the outcome of the comparison is identical whether the RR is known to
199 the server or not, specifications for new RR types MUST NOT specify
200 type-specific comparison rules.
201
202 This implies that embedded domain names, being included in the
203 overall bitwise comparison, are compared in a case-sensitive manner.
204
205 As a result, when a new RR type contains one or more embedded domain
206 names, it is possible to have multiple RRs owned by the same name
207 that differ only in the character case of the embedded domain
208 name(s). This is similar to the existing possibility of multiple TXT
209 records differing only in character case, and not expected to cause
210 any problems in practice.
211
212
213
214
215
216
217 Gustafsson Standards Track [Page 4]
218 RFC 3597 Handling of Unknown DNS RR Types September 2003
219
220
221 7. DNSSEC Canonical Form and Ordering
222
223 DNSSEC defines a canonical form and ordering for RRs [RFC2535]
224 (section 8.1). In that canonical form, domain names embedded in the
225 RDATA are converted to lower case.
226
227 The downcasing is necessary to ensure the correctness of DNSSEC
228 signatures when case distinctions in domain names are lost due to
229 compression, but since it requires knowledge of the presence and
230 position of embedded domain names, it cannot be applied to unknown
231 types.
232
233 To ensure continued consistency of the canonical form of RR types
234 where compression is allowed, and for continued interoperability with
235 existing implementations that already implement the [RFC2535]
236 canonical form and apply it to their known RR types, the canonical
237 form remains unchanged for all RR types whose whose initial
238 publication as an RFC was prior to the initial publication of this
239 specification as an RFC (RFC 3597).
240
The IETF is responsible for the creation and maintenance of the DNS RFCs. The ICANN DNS RFC annotation project provides a forum for collecting community annotations on these RFCs as an aid to understanding for implementers and any interested parties. The annotations displayed here are not the result of the IETF consensus process.
This RFC is included in the DNS RFCs annotation project whose home page is here.
This RFC is implemented in BIND 9.18 (all versions).
241 As a courtesy to implementors, it is hereby noted that the complete
242 set of such previously published RR types that contain embedded
243 domain names, and whose DNSSEC canonical form therefore involves
244 downcasing according to the DNS rules for character comparisons,
245 consists of the RR types NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR,
246 HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV,
247 DNAME, and A6.
248
249 This document specifies that for all other RR types (whether treated
250 as unknown types or treated as known types according to an RR type
251 definition RFC more recent than RFC 3597), the canonical form is such
252 that no downcasing of embedded domain names takes place, and
253 otherwise identical to the canonical form specified in [RFC2535]
254 section 8.1.
255
256 Note that the owner name is always set to lower case according to the
257 DNS rules for character comparisons, regardless of the RR type.
258
259 The DNSSEC canonical RR ordering is as specified in [RFC2535] section
260 8.3, where the octet sequence is the canonical form as revised by
261 this specification.
262
263 8. Additional Section Processing
264
265 Unknown RR types cause no additional section processing. Future RR
266 type specifications MAY specify type-specific additional section
267 processing rules, but any such processing MUST be optional as it can
268 only be performed by servers for which the RR type in case is known.
269
270
271
272 Gustafsson Standards Track [Page 5]
273 RFC 3597 Handling of Unknown DNS RR Types September 2003
274
275
276 9. IANA Considerations
277
278 This document does not require any IANA actions.
279
280 10. Security Considerations
281
282 This specification is not believed to cause any new security
283 problems, nor to solve any existing ones.
284
285 11. Normative References
286
287 [RFC1034] Mockapetris, P., "Domain Names - Concepts and
288 Facilities", STD 13, RFC 1034, November 1987.
289
290 [RFC1035] Mockapetris, P., "Domain Names - Implementation and
291 Specifications", STD 13, RFC 1035, November 1987.
292
293 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts --
294 Application and Support", STD 3, RFC 1123, October 1989.
295
296 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
297 Requirement Levels", BCP 14, RFC 2119, March 1997.
298
299 [RFC2535] Eastlake, D., "Domain Name System Security Extensions",
300 RFC 2535, March 1999.
301
302 [RFC2163] Allocchio, C., "Using the Internet DNS to Distribute
303 MIXER Conformant Global Address Mapping (MCGAM)", RFC
304 2163, January 1998.
305
306 [RFC2929] Eastlake, D., Brunner-Williams, E. and B. Manning,
307 "Domain Name System (DNS) IANA Considerations", BCP 42,
308 RFC 2929, September 2000.
309
310 12. Informative References
311
312 [RFC1876] Davis, C., Vixie, P., Goodwin, T. and I. Dickinson, "A
313 Means for Expressing Location Information in the Domain
314 Name System", RFC 1876, January 1996.
315
316 [RFC2052] Gulbrandsen, A. and P. Vixie, "A DNS RR for specifying
317 the location of services (DNS SRV)", RFC 2052, October
318 1996.
319
320 [RFC2136] Vixie, P., Ed., Thomson, S., Rekhter, Y. and J. Bound,
321 "Dynamic Updates in the Domain Name System (DNS UPDATE)",
322 RFC 2136, April 1997.
323
324
325
326
327 Gustafsson Standards Track [Page 6]
328 RFC 3597 Handling of Unknown DNS RR Types September 2003
329
330
331 [RFC2782] Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for
332 specifying the location of services (DNS SRV)", RFC 2782,
333 February 2000.
334
335 13. Intellectual Property Statement
336
337 The IETF takes no position regarding the validity or scope of any
338 intellectual property or other rights that might be claimed to
339 pertain to the implementation or use of the technology described in
340 this document or the extent to which any license under such rights
341 might or might not be available; neither does it represent that it
342 has made any effort to identify any such rights. Information on the
343 IETF's procedures with respect to rights in standards-track and
344 standards-related documentation can be found in BCP-11. Copies of
345 claims of rights made available for publication and any assurances of
346 licenses to be made available, or the result of an attempt made to
347 obtain a general license or permission for the use of such
348 proprietary rights by implementors or users of this specification can
349 be obtained from the IETF Secretariat.
350
351 The IETF invites any interested party to bring to its attention any
352 copyrights, patents or patent applications, or other proprietary
353 rights which may cover technology that may be required to practice
354 this standard. Please address the information to the IETF Executive
355 Director.
356
357 14. Author's Address
358
359 Andreas Gustafsson
360 Nominum, Inc.
361 2385 Bay Rd
362 Redwood City, CA 94063
363 USA
364
365 Phone: +1 650 381 6004
366 EMail: gson@nominum.com
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382 Gustafsson Standards Track [Page 7]
383 RFC 3597 Handling of Unknown DNS RR Types September 2003
384
385
386 15. Full Copyright Statement
387
388 Copyright (C) The Internet Society (2003). All Rights Reserved.
389
390 This document and translations of it may be copied and furnished to
391 others, and derivative works that comment on or otherwise explain it
392 or assist in its implementation may be prepared, copied, published
393 and distributed, in whole or in part, without restriction of any
394 kind, provided that the above copyright notice and this paragraph are
395 included on all such copies and derivative works. However, this
396 document itself may not be modified in any way, such as by removing
397 the copyright notice or references to the Internet Society or other
398 Internet organizations, except as needed for the purpose of
399 developing Internet standards in which case the procedures for
400 copyrights defined in the Internet Standards process must be
401 followed, or as required to translate it into languages other than
402 English.
403
404 The limited permissions granted above are perpetual and will not be
405 revoked by the Internet Society or its successors or assignees.
406
407 This document and the information contained herein is provided on an
408 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
409 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
410 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
411 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
412 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
413
414 Acknowledgement
415
416 Funding for the RFC Editor function is currently provided by the
417 Internet Society.
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437 Gustafsson Standards Track [Page 8]
438
As a courtesy to implementors, it is hereby noted that the complete set of such previously published RR types that contain embedded domain names, and whose DNSSEC canonical form therefore involves downcasing according to the DNS rules for character comparisons, consists of the RR types NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR, HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV, DNAME, and A6.
[not supplied]
"3. if the type of the RR is NS, MD, MF, CNAME, SOA, MB, MG, MR,PTR, HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV, DNAME, A6, RRSIG, or NSEC, all uppercase US-ASCII letters in the DNS names contained within the RDATA are replaced by the corresponding lowercase US-ASCII letters;"